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Telephone commerce 





(57) This invention discloses an apparatus for facili- 
tating secure electronic commerce via the telephone 
including a subscriber unit associated with a subscriber 
telephone which may be connected to a telephone net- 
work and a vendor unit associated with a vendor tele- 
phone system and vendor computer system, which may 
communicate with the subscriber unit via the telephone 
network, the subscriber unit including a communication 
device for communicating with the vendor computer 
system and with the subscriber, a subscriber unit oper- 
ative in accordance with a cryptographic payment proto- 
col for effecting secure payment transactions with the 
vendor computer system, a human interface device 
operative to provide information to a subscriber, and a 
selectably actuatable security barrier operator operative 
to disable voice communication between the subscriber 
telephone and the telephone network without interfering 
with computer communications between the subscriber 
unit and the telephone network. 
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Descnptibii * ' - 

FIELD OF THE INVENTldN ' ^ ' 

. . The jDresent invention relates to telephone in gen- 
eral and rriore pailicularly to' apparatus arid techniques 
for'secure data transrnission via telephone links. 

BACKGROUND OF THE INVENTION ^ ^' ' 

Commericia! trartsactions carried but via the tele- 
phone are susceptible to breaches of seciirity. 'such as 
nriisuse of a credit card nurnber transmitted via the' tele- 
phorie-'The credit card number rnay be^^lnterdeptdd by 
an eavesdropper on a telephone line, by, a vendor or by 
persons working with the vendor. *" ' ^ 

Cryptographic payment protocols have been devel- 
oped for enabling secure commercial transactions, such 
as credit card transactions, to take place via the tele- 
phone. One such protocol is. the Secure Electronic 
Transactions (SET) protocoir which allows* secure 
exchange of credit-card information. The SET protocol 
and similar cryptographic payment protocols providing a 
similar level of security require the transmission of a rel- 
atively large amount of digitized data and thus are not 
suitable for use in transactions - wherein the' " data is 
transmitted by voice. Such protocols dd not provide 
security of serisitive information at the customer site but 
only provide security en route to the vendor site;- 

SUMMARY OF THE INVENTION 

The present invention seeks to provide apparatus 
for facilitating secure'- electronic commisfce.' such as 
credit card commerce, via" the telephone inclijding a 
subscriber unit associated with a subscriber telephone 
which may be connected to a telephone network arid a 
vendor unit associated with a vendor telephone system 
and vendor computer system which may communicate 
with the subscriber unit via the telephone network, the 
subscriber unit including a communication device "for 
communicating with the vendor computer system and 
with the stijscriber, a processor operative in accord- 
ance with a cryptographic payment protocol for effecting 
secure payment transactions with the vendor computer 
system, an human interlace device operative to provide 
irtformation to a subscriber, and a select'ably actuatable 
security barrier operator operative to idisable voice com- 

' munication between the subscriber telephone and the 
telephone network without interfering with computer 

^conimunicatiohs between the subscriber- unit and the 
telephone network. ' - 

Further in accordance with a preferred err4>ddirinent 
of the present invention the communication device 
includes a modem for coriimunicating wvith the verxlor 
computer s^tem. * ^ ' " ' ' . • ■ t 

Additionally in accordance wfth a preferred embod- 
iments of the present invention" the cdrrimunication 



device "also indud^ a DTWIF proce'ssbr responiive to 
DTMF Inputs at the' subscriber telephone. Afternativefy 
the communication device incfijdes a voice recognizer 
responsive to voice inputs at the subscriber telephone. 

5 Further in accordance with a preferred embodiment 

of the present invention the human interface device 
includes'a voice annunciator operative to provide voice 
communication to a subscriber via the subsaiber tele- 
phone.- ' ^ " 

ib Furthermore in accordance '^with a'' preferred 
embodiment of the present iriventiori the security ban-ier 
is operative to disable voice commuriicatidn between 
the' subscriber* telephone' and the telephone network 
without^ interfering with computer communication 

15 between the subscriber unit and the telephone network, 
the security barrier having a normal mode of operation 
and a secure mode of operation, wherein in the normal 
mode of operation the security ban-ier does not disable 
voice communication and the subscriber telephone can 

so be used in a conventional manner, and when actuated 
to be in the secure mode of operation, the security bar- 
rier does disable voice communication and permits 
computer communication according to the crypto- 
graphic payment protocol between the subscriber- unit 

25 and the vendor computer system via the telephone net- 
work. 

Additionally in accordance with a prefenred embod- 
iment of the present invention the human interface 
device is operative during operation in the secure mode 
30 of Operation to communicate information and questions 
to the subscriber, who can re^nd to the subscriber tel- 
ephone via DTMF or voice input. - 

Further in accordance with a preferred embodiment 
of tiie present invention the subscriber unit includes an 
35 indicator, indicating to a subscriber when tiie subsaiber 
unit is operating in the secure mode of operation; ^ 

Still further in accordance with -a preferred embodi- 
ment of the present invention .the; security barrier may 
be actuated by the subscriber or by the vendor compu- 
40 ter system or vendor telephone system. : : ~;; 

Moreover in accordance with a preferred emtsodi- 
ment of the present invention the security barrier may 
be actuated by the sutjscriber either by manual actua- 
tion of a switch. on the subscriber, unit or by a DTMF 
45 * input or a voice input. . ' - .i ' 

^'BRIEF DESCRIPTION OF THE DRAWINGS . - 

The present invention will be understood and 
so appreciated .more fully .from the following detailed — 
description, taken' in conjunction, with the drawings in 
which:* ' .. ' , 

Rg. 1 is a simplified block diagra hi illustration of 
55 apparatus, for facilitating secure electronic com- 
- ~ merce via the telephone constructed and operative 
in accordance, with one preferred enrrix>diment of 
• ' til e present invention; : . - . 
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. Fig. 2 -is a, simplified block diagram, iilustration pf 
..apparatus for facilitating secure electronic corn- 
amerce via the telephone constructed and operative 
in accordance with^anotiner preferred embodiment 
of the present invention; . 
Fig. 3 is a simplified block diagram illustration of 
apparatus for - facilitating secure electronic com- 
• merce yia the telephone constructed and operative 
in accordance with yet another preferred embodi- 
. ment of,,the present invention; , ^ , . ^ , . i 

- Fig . 4 is a simplified flow chart lllustrati ng operation 
' otthe apparatus of the present invention ; - 
^ . Fig. 5 is a simplified diagram il!ustratirig;apparatus 
of:the present invention in abnormal mode of opera- 
tion; : ■ . ; ^ ■•. - 
. Fig. 6 is a simplified diagrarri illustrating apparatus 
of the present invention in a secure mode of opera- 
, tion; and , . - , , .- 

Fig. 7.is a simplified block diagram illustrating appa- 
;.ratus located at a vendor site for operation of the 
. present invention. 

DETAILED DESCRIPTION OF A PREFERRED 
EMBODIMENT,. , . 

Reference is now made to Fig. 1 , which is a simpli- 
fied block diagram illustration of apparatus for. facilitating 
secure electronic commerce via the telephone con- 
structed.and operative in accordance with one preferred 
embodiment of the present invention. It is noted -that 
throughout the . specif ication ^nd the. claims, the term 
electronic commerce .encompasses any kind of elec- 
tronically transacted; commerce, including .credit- card 
commerce. ; . . 

^ The 'apparatus preferably comprises a subscriber 
unit 10 associated with a subscriber telephone 12 which 
may be connected to a telephone networks 4 via a tele- 
phone line 16. The subscriber unit may be incorporated 
into the telephone or may be. located separately there- 
from. The subscriber unit preferably comprises ,, a 
-modem 18 or other suitable communication device for 
communicating with a vendor computer system (Fig., 7) 
-via the telephone network 14 and a cryptographic pay- 
merit protocol processor 20 operative in accordance 
with a cryptographic payment protocol for effecting 
secure credit card transactions with the vendor compu- 
ter system,. Alternatively, when an ISDN protocol or 
DTMF signaling is used there may be no need for a 
modem. .Cryptographic payment protocol processors 

■ and- their operations are in the public domain,>such as 
http://www.mastercard.com/set/set.htm on the. World 
Wide Web. The cryptographic payment protocol proces- 
sor 20 operates in conjunction with a smart card 

' reader/writer-22.and a user's smart card 24. 
" In accordance, with a preferred ehibodiment of the 

■ present invention, there is provided a voice annunciator 
'■26 operative :to provide voice communication to -a sub- 
scriber via the subscriber telephone and a DTMF proc- 



essor 28 responsive to DTMF inputs at the subscriber 
telephone 12. ' 

In accordance with a preferred embodiment of the 
present invention, the sut3scriber unit 10 includes a 

5 selectably actuatable security barrier operator operative 
to disable voice communication between the subscriber 
telephone 12 and'; the telephone network i 4" without 
interfering with cornputer communications between the 
telephone network 14 and the cryptographic payment 

10 protocol processor 20. the modem 18 arid the voice 
arinundator 26. The security barrier js preferably 
eriribpdi.edjn the processor ..20 and js actuated by a 
switch '30, whicri, may ^be. manually^, or otherwise actua- 
ble, Actuatiqaotthe swi SO^preferably.results in a vis- 

15 ual indication being gi ven to a user .by rneaps of a 
suitable indicator, such as a LED 32.^. ' " _ . 

In accordance with a preferred ernbodi merit of the 
present invention, the purity barrier has a norrrial mode 
of operation arid a secure, mode of operation, wherein in 

20 the normal mode of operation, when switch 30 is not 
actuated, the security barrier does not disable voice 
communication arid the subscriber telephone 1 2 can be 
used in a conventional manner. When the security bar- 
rier is actuated to be in the secure mode of operation by 

25 switch 30. the security barrier does disable voice corn- 
munication arid permits computer . communication 
according , to ' the .cryptographic payment.^ protocol 
between the subscriber unit 10. and the vendor compu- 
ter system, via the telephone network. , 

30 The operation of the embodiment shown in Fig. 1 
when the security barrier is.actuated may be. summa- 
rized as follows: During operation, the voice annunciator 
26 provides to the -user, via the telephone 12 verbal 
information, about transaction details.. The DJMF proc- 

■35 essor 28 receives DTMF responses ..from the user via 
the DTMF. keyboard on telephone 12. When the LED 32 
; is illuminated, the customer is assured, that the verbal 
infomiation originates from the cryptographic payriient 
processor 20 and is not originating from a spurious. or 

40 fraudulent source. In this way, the user is ensured that 
the transaction -details -that he hears are exactly those 
. which are being presented to the cryptographic pay- 
ment processor 20. 

Reference's now made to Fig. 2, which is a simpli- 

45 tied block diagram illustration of apparatus for facilitating 
secure electronic commerce via the telephone con- 
structed and operative in accordance with another pre- 
ferred embodiment of the. present . inverition. The 
. embodiment of Fig. 2 differs from that of Fig. 1 in. that it 

so employs a processor 40 including an internal smart card, 
like device rather than a removable smart card as in the 
embodiment of Fig. 1. The operation of the embodiment 
of Fig.^ 2 is essentially the same as that described here- 
inabove. ; ,. ^ — • ,^ . , 

55 - : Reterence is now rriade to Fig. 3, which is a simpli- 
fied block diagram illustration of apparatus for facilitating 
vsecure electronic cpmrnerce via the telephone con- 
structed and operative in accordance with yet another 



3 



BNSDOCID: <eP 082731 BA2_L> 



5i 



EP 0 827 318 A2 - 



6 



prefferred embodiment of the present, invention. The 
embodiment of Fig. 3 differs from. that of Fig. 1 in that rt 
also employs a liquid crystal display 42 for providing vis- 
ual information to the user, in addition to or in place of 
the audio information that he receives via the telephone 
1 2 and in addltion to or in place of the illumination of the 
LED 32;.:- . ■ ... .-yr^.. . 

Reference is now made.to Fig. 4. which is a simpli- 
fied flow chart illustrating operation of the apparatus of 
the present invention according to any of the embodi- 
ments of Figs. 1-3. Upon actuation of switch .30, the 
secure mode of operation is initiated and the telephone 
12 Is disconnected from the telephone line 16 and .UED 
32 is illuminated. Forthe emt>odiment of Fig. 3; a suita- 
ble message is displayed by .the LCD 42. : . 

Disconnection of the telephone ,12 from tel^hone 
line 16 ensures. that voice messages: provided by'the 
voice annunciator 26 to the user are not heard by the 
vendor or other entities with whom communication 
exists via the telephone network 14. Similarly the DTMF 
password entry and authorization are not transmitted to 
the vendor or other entities with whom communication 
exists via the telephone network 14, and the .vendor 
cannot Influence password entry and authorization. 
Conversely the cryptographic payment protocol com- 
munication between processor 20 and the vendor via 
the telephone Une 16 and telephone network.14 is.not 
heard by the user. ' . 

It fs appreciated that actuation of the secure mode 
may be initiated alternatively by means of a DTMF input 
to the telephone 12 or by a DTMF or other in-band Input 
at the vendor's side. Deactuation of the secure mode 
may be achieved by any of the above^nentioned user 
actions or automatically by the completion of the crypto- 
graphic payment protocol, if the line fails or if either 
party goes On-Hook 

Where a removable smart card is employed, as in 
the embodiment of Rg 1. rt the smart card is not in the 
reader/writer 22, the user is pronpted to insert the 
smart card. The user is then prompted to insert his 
password via DTMF Once the password has been 
checked for conectness, authentication is carried out 
vis-a-vis a vendor using the cryptographic payment pro- 
tocol and transaction details are supplied to the user via 
telephone 12 and annunciator 26 as in ttie emtxxJi- 
ments of Figs. 1 and 2, and/or via display 42 as in the 
embodiment of Fig. 3. Upon completion or termination 
of the transaction, the secure mode operation is termi- 
nated manually or automatically. 

Rg. 5 illustrates the . effective ^lircuit- connection . . 
when the apparatus of Fig. 1 operates in the normal 
moda It is seen that all of the apparatus in the sub- 
scriber unit 1 0 is effectively transparent. 

Rg. 6 illustrates the effective circuit connection 
when the apparatus of Fig. i operates in the secure 
mode. In secure mode, tine microprocessor n^ntains 
two separate and unconnected communication chan- 
nels. One is with the user, tiiough the voice annunciator 
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and DTMF processor, and is used.to inform the user of 
the transaction details and ask for smartcard insertion 
(if necessary), password entry.; and authorization. The 
other is wrtii the vendor, through the modem, and is 
5 used to carry out the cryptographic payment protocol. 
The two conversations are only related through specrtic 
functions under the control of tiie miqroprocessor. and 
sensitive user data is not communicated to the vendor 
• Reference is now made to Rg. 7, which is a simpli- 
10 fied block diagram illustrating apparatus located at a 
vendor site for operation of the present invention. The 
apparatus - typically includes, a private telephone 
exchange 60 such as -:a PABX to which are connected 
various modems 62 which are in turn connected to a 
15. . LAN server 64 which supports a LAN 66. to which are 
connected multiple computer and telephone stations 68 
which provide botii computer and telephone communi- 
cations for an operator 

Normally, the server 64 provides each computer 
so and telephone station 68 via the LAN 66 with an elec- 
fronic form providing the user details witiiout the user 
password. Each operator station is connected to the tel- 
ephone exchange with two .channels: a voice channel 
connected to the operator's headset, and a data chan- 
25 ■ nel connected through,the rnodem to the operator's ter- " 
minal. When a conversation with the user is in progress, 
the operator talks to the user through the headset in tine 
normal way. -At this time, the subsalber unit functions in 
normal (transparent) mode. When the time has come to 
30 perform the electronic payment transaction, the sub- 
scriber unit is switched to secure mode and communi- 
cates with, the operator terminal in .tfiis mode. At this 
time, tiie voice communication is suspended (progress 
feedback is supplied to the operator via his terminal and 
35 . to the subscriber via his telephone). After the electronic 
payment protocol has finished, tine call can be termi- 
nated, or restored to voice communication. 

tt is appreciated by those skilled, in the. art that 
although the previous embodiments are described with 
40 reference to DTMF, - nevertiieless the present invention 
may also be carried out by using other devices such as 
a keypad or a voice recognition device, mutatis 
mutandis. 

- ft will be appreciated by persons skilled in the art 
45 that the present invention is not limited by what has 
been particularly-^ shown and described hereinabove. 
Rather the scope of the present invention includes both 
combinations and subcombinatlons of the. various fea- 
tures described hereinabove as well as variations and 
5D_. .modifications thereof which would occur to a. person 
skilled in the art upon reading the foregoing description 
and which are not In the prior art. , 

Claims . = - . - .. , ... 

55 . . - , . . , . . ' ■ 

1. Apparatus for, fadlitating secure electronic- com- 
" .merce via the, telephone comprising: , . 
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:.a subscriber unit associated with a subscriber- 
telephone which may be connected to a tele- 
phone network; -and' 5 
-a vendor unit associated with a vendor tele- 
phone system and Vendor computer system, 
. which may communicate with said subscriber 
unit via said telephone network, ^ ■ 

said subscriber unit comprising: 
' a communication . device for communicating 
with , said vendor computer system and - with 
" said subscriber: ■ - ' ^>^^f ' - • 

■ , a processor operative in accordance : with a 

cryptographic payrnent protocol -..fbr • effecting ' 
secure payment transactions*^ with said vendor . 
computer system,; and - r ; 

a human interface device operative to provide 
Information to a subscriber; characterized by: ' 
a selectably actuatable security barrier operar 
tor operative to disable voice communication 
- ^ between said subscriber telephone and said 
telephone network withoutinterfering with comr 
puter communications between said subscriber. 
• unit and said telephone network. 

2. Apparatus for facilitating secure electronic corh- 
. merce via the telephone according to -claim 1 and 

wherein said communication^ device includes a 

■ modem for communicating with said vendor compu- 

' - ter system;- 

3. Apparatus for facilitating ^secure electronic com- ■ 
merce via the^ telephone according to. claim 1 or 
claim 2 and wherein said human interface device 

• includes a voice annunciator- operative to provide 
. voice-'communication to a subscriber via' the sub-, 
"^scriber telephone:- 

4. Apparatus for facilitating secure- electronic com- 
. merce via the telephone according to claim 1 . 2 or 

. 3 and wherein said communication device includes 
a DTMF processor responsive to DTM F inputs at 
' the subscriber telephone. • 

5. Apparatus for facilitating secure electronic com- 
merce via the telephone according to claim 1, 2; 3 

' 'or 4 and 'wherein said cortimunication device 
includes a voice recognizer responsive to voice 
inputs'at the subscriber telephone. J" 

6. "' ■ Apparatus for facilitating secui'e ' electronic com- 

nrierce via the telephone according to claim 1 and 
wherein said security barrier is operative to disable 
voice communication between said subscriber tele- 
phone and said telephone network without interfer- 
ing with computer communication between said 
' 'subscriber unit and said telephone network, said 
security ban-ier having a normal mode of operation 
and a secure mode of operation, wherein: 



• in said normal- mode of ope rati on*;the security 
' ' . barrier does not disable voice: communication - 
. > and the subscriber telephone can be used Jn a 
/ conventional .manner, 'and . 

5 • ■ when' actuated to be in 'said secure "mode of- 
' ■ operation, the security > barrier - does 'disable 
voice communication and permits computer 
. communication according to said cryptographic 
:■: payment protocol between said subscriber' unit 
10 ,. ..'.and said vendor computer system via said tele- 
. . phone- network. , ' vt. 

7/ . Apparatus-according to'any/ of .the preceding claims 
and wherein said' human interface - dievice is operar . 
15- tive during operation in said secure mode of: opera-: 
■ tlori to; communicate information and questions to 
the subscriber,; who can respond to said subscriber 
telephone. 

20 8. Apparatus according to any of the preceding claims 
and wherein said subscriber unit includes an indi- 
cator, indicating to a subscriber when the sub- 
scriber unit is operating in said secure mode of 
' operation. . * , 
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9. Apparatus according to any of the preceding claims 
and wherein said security barrier may be- actuated, 
by the subscriber or by said vendor, computer sys- 

:. tem orvendor telephone system. 

10. Apparatus according to claim 9 and wherein said 
security tjarrier may be actuated by the subscriber 
,either by manual actuation of a switch on the sub- 

. scriber- unit or. by a DTMF injaUt or by a voice Input. 
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phone system and vendor computer system, which may 
communicate with the subscriber unit via the teleptione 
network, the subscriber unit including a communication 
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ative in accordance with a cryptographic payment proto- 
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vendor computer system, a human interface device 
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, ^ selectably actuatable security barrier operator operative 
to disable voice communication between the subsaiber 
telephone and the telephone network without interfering 
.with computer communications between the subscriber 
unit and the telephone network. 
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